DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual
Client
The Client is simply the endstation that wishes to gain access to the LAN or switch services. All endstations must be
running software that is compliant with the 802.1X protocol. For users running Windows XP or Windows Vista, that
software is included within the operating system. All other users are required to obtain 802.1X client software from an
outside source. The Client will request access to the LAN and/or Switch through EAPOL packets and, in turn, will
respond to requests from the Switch.
Figure 5-18 The Client
Authentication Process
Utilizing the three roles stated above, the 802.1X protocol provides a stable and secure way of authorizing and
authenticating users attempting to access the network. Only EAPOL traffic is allowed to pass through the specified
port before a successful authentication is made. This port is “locked” until the point when a Client with the correct
username and password (and MAC address if 802.1X is enabled by MAC address) is granted access and therefore
successfully “unlocks” the port. Once unlocked, normal traffic is allowed to pass through the port. The following figure
displays a more detailed explanation of how the authentication process is completed between the three roles stated
above.
Figure 5-19 The 802.1X Authentication Process
The D-Link implementation of 802.1X allows network administrators to choose between two types of Access Control
used on the Switch, which are:
1. Port-Based Access Control: This method requires only one user to be authenticated per port by a remote
RADIUS server to allow the remaining users on the same port access to the network.
2. Host-Based Access Control: Using this method, the Switch will automatically learn up to sixteen MAC
addresses by port and set them in a list. Each MAC address must be authenticated by the Switch using a
remote RADIUS server before being allowed access to the Network.
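
The difference between the two access control types matters when several hosts share one port. The following model is an added example, not D-Link firmware code or a switch command: the class and function names are hypothetical, the RADIUS decision is assumed to be an accept, and the MAC addresses are constructed.

```python
EAPOL_ETHERTYPE = 0x888E   # EtherType of 802.1X EAPOL frames
MAX_HOSTS = 16             # host-based limit stated in the manual


class AuthenticatorPort:
    """Toy model of one switch port acting as 802.1X authenticator."""

    def __init__(self, mode):
        if mode not in ("port-based", "host-based"):
            raise ValueError("unknown mode: " + mode)
        self.mode = mode
        self.unlocked = False       # port-based: one flag for the whole port
        self.authorized = set()     # host-based: MACs that passed RADIUS

    def radius_accept(self, mac):
        """Record a successful authentication for `mac` (RADIUS result assumed).
        Returns False when the host-based table is already full."""
        mac = mac.lower()
        if self.mode == "port-based":
            self.unlocked = True
            return True
        if mac not in self.authorized and len(self.authorized) >= MAX_HOSTS:
            return False
        self.authorized.add(mac)
        return True

    def forwards(self, src_mac, ethertype):
        """Would the port pass this frame?"""
        if ethertype == EAPOL_ETHERTYPE:
            return True             # EAPOL always reaches the authenticator
        if self.mode == "port-based":
            return self.unlocked    # any source MAC once the port is unlocked
        return src_mac.lower() in self.authorized


def demo():
    """Constructed scenario: host A authenticates, host B shares the port."""
    a, b, ipv4 = "00:11:22:33:44:0a", "00:11:22:33:44:0b", 0x0800
    result = {}
    for mode in ("port-based", "host-based"):
        port = AuthenticatorPort(mode)
        before = port.forwards(a, ipv4)
        port.radius_accept(a)
        result[mode] = (before, port.forwards(a, ipv4), port.forwards(b, ipv4))
    return result


if __name__ == "__main__":
    for mode, outcome in demo().items():
        print(mode, outcome)
```

Each tuple is (A before authentication, A after, B after). Under Port-Based Access Control the unauthenticated host B is forwarded once A has unlocked the port, so Host-Based Access Control is the appropriate choice wherever a hub or unmanaged switch may sit behind the port.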